peripherals hacks

Some people really enjoy the kind of computer mouse that would not be entirely out of place in a F-16 cockpit. The kind of mouse that can launch a browser with the gentle shifting of one of its thirty-eight buttons ever so slightly to the left and open their garage door with a shifting to the right of that same button. However, can this power be used for evil, and not just frustrating guest users of their computer?

We’ve heard of the trusted peripheral being repurposed for nefarious uses before. Sometimes they’ve even been modified for more benign purposes. All of these have a common trend. The mouse itself must be physically modified to add the vulnerability or feature. However, the advanced mice with macro support can be used as is for a vulnerability.

The example in this case is a Logitech G-series gaming mouse. The mouse has the ability to store multiple personal settings in its memory. That way someone could take the mouse to multiple computers and still have all their settings available. [Stefan Keisse] discovered that the 100 command limit on the macros for each button are more than enough to get a full reverse shell on the target computer.

Considering how frustratingly easy it can be to accidentally press an auxiliary button on these mice, all an attacker would need to do is wait after delivering the sabotaged mouse. Video of the exploit after the break.

We’ve seen custom controller mods for Kerbal Space Program before, but a group calling themselves the Makerforce went a step further with their design and build of the KSP “Overkill” Command Station, which has much more in common with a fancy standup arcade unit than a custom controller. Kerbal Space Program is a hit indie game that, among other things, simulates the challenges of spaceflight. Like most games, you use the mouse and keyboard for control but many fans find this too limiting. With the help of a software mod that exposes control and status information over hardware serial communications, the door to full telemetry and remote control was opened to just about anyone to craft their own custom hardware such as flight sticks and status displays. Not content with the idea of having just a joystick and a few buttons critical for the flight process, this project took a different approach.

You may be a hardcore keyboard aficionado whose buckled-spring switches will be pried from your cold dead hands, but there is a new model on the street that relegates your blank-key Das Keyboard or your trusty IBM Model M to the toy chest.

The new challenger comes from Reddit user [duckythescientist], who has created a minimalist three-key binary keyboard. It features a 0 key, a 1 key, a return key, and nothing else. Characters are entered as ASCII or Unicode, and the device emulates either a QWERTY or Dvorak keyboard layout to the host computer’s USB interface. It couldn’t be a simpler layout to learn, though we’d concede that not everyone has the entire binary Unicode table memorised.

The keys are mounted in a custom 3D printed case, and the electronics come from the creator’s own “tinydev” board based on an ATtiny85. All the code is available in a GitHub repository, and there is a very short video of its Unicode ability below the break.

Believe it or not, some video games are still developed for the PC. With video games come cheat codes, and when they’re on the PC, that means using a keyboard. You can easily program any microcontroller to send a string of characters over a USB port with the touch of a button. Believe it or not, a lot of people haven’t put these two facts together. [danjovic] has, leading him to build a simple and cheap USB keystroke generator for quickly typing in cheat codes.

[danjovic] is basing his build around a Digispark, a cheap, USB-enabled ATtiny85 dev board. This, of course, means there’s not a lot of pins to play with – there are only four I/O pins, and one of them is connected to ground by a LED. That leaves only three I/O pins, but [danjovic] managed to put seven different cheats in his project using diodes and something that is almost charlieplexing.

If you’re wondering, this is a very inexpensive project. [danjovic] is using a Chinese digispark clone, a handful of 1N4148 diodes, and a few tact switches. Anyone with a well-stocked part drawer or a tenner on eBay could build this. If you want the proof of work for this project, you can check out the demo video below.

[Neumi] wrote in with a sweet robotics hack. It’s a 2D laser distance sensor (YouTube) made with a cheap line laser and an optical mouse’s flow-sensor chip used as a low-resolution camera. In one sense, it’s a standard laser-distance-sensor project. But it is clever for a whole bunch of reasons.

For one, using a mouse sensor as a low-res camera is awesome. It’s designed to read from a standard red LED, so the sensitivity is in just the right ballpark for use with a line laser. It returns a 30×30 pixel greyscale image, which is just about the right amount of data for a low-end microcontroller to handle and keep up with the framerate without resorting to coding tricks.

It’s also no coincidence that these sensors are available with lenses built in, for relatively cheap, on eBay. Apparently the quadcopter gurus use them as if they were mice to visually track their quad’s motion. Hacker spillover!

Detecting the laser line as it reflects off of whatever objects are lying on [Neumi]’s floor could also possibly prove difficult, and might produce false readings in the presence of background illumination. So [Neumi] takes two readings with the camera — one with the laser on and one with it off — and differences them. Done fast enough, this should reduce any non-laser sources down to the sensor’s noise floor. Finally, there’s some thresholding and averaging going on behind the scenes that help make everything work out right. The code is up on GitHub.

There are a ton of applications that we use that can benefit from keyboard shortcuts, and we use ’em religiously. Indeed, there are some tasks that we do so often that they warrant their own physical button. And the only thing cooler than custom keyboards are custom keyboards that you’ve made yourself.

Which brings us to [Dan]’s four-button Cherry MX USB keypad. It’s not really all that much more than four keyswitch footprints and an AVR ATmega32u4, but that plus some software is all you really need. He programs the Arduino bootloader into the chip, and then he’s using the Arduino Leonardo keyboard libraries. Bam! Check out the video below.

What do you do when you decide that running CP/M on a Commodore 128 with a 5.25″ drive “Isn’t CP/M enough”? If you are [Chris Osborn], you reach for your trusty TRS-80 Model II, with its much more CP/M-appropriate 8″ drive.

There was one small snag with the TRS-80 though, its keyboard didn’t work. It’s a capacitive device, meaning that instead of each key activating a switch, it contains a capacitive sensor activated by a piece of aluminized Mylar film on a piece of foam. Nearly four decades of decay had left the foam in [Chris]’s example sadly deflated, leaving the keys unable to perform. Not a problem, he cast around for modern alternatives and crafted replacements from a combination of foam weather strip and metalized gift wrap.

Care had to be taken to ensure that the non-metalized side of the gift wrap faced the capacitive sensor pads, and that the weather strip used had the right thickness to adequately fill the gap. But the result was a keyboard that worked, and for a lot less outlay and effort than he’d expected. We would guess that this will be a very useful technique for owners of other period machines with similar keyboards.

What is CP/M, I hear you ask? Before there was Linux, Windows, and MacOS, there was DOS, and before DOS, there was CP/M. In the 1970s this was the go-to desktop operating system, running on machines powered by Intel’s 8080 and its derivatives like the Zilog Z80 in the TRS-80. When IBM needed an OS for their new PC they initially courted CP/M creators Digital Research, but eventually they hired a small software company called Microsoft instead, and the rest is history. Digital Research continued producing CP/M and its derivatives, as well as an MS-DOS clone and the GEM GUI that may be familiar to Atari ST owners, but were eventually absorbed into Novell in the 1990s.